TPP identification
- authentication & authorisation
- get your test certificate
- API endpoint-role restrictions
K&H’s APIs use two-way authentication based on TLS (Transport Layer Security) where the identity of the client (TPP) and the server (K&H Bank) is verified based on digital certificates only.
Both parties using K&H’s API identify themselves with a qualified website authentication certificate issued by a qualified trust service provider. The certificate contains the specific attributes according to the “Regulatory Technical Standards on strong customer authentication and secure communication” referred to in Article 98 of Directive (EU) 2015/2366 of the European Parliament and of the Council. See ETSI TS 119 495 V1.1.2.
K&H’s API sandbox allows you to try an API even if you don’t have the certificate referred to above. Test certificate can be obtained from the sandbox after finalized registration
The live APIs are not available with the test certificate.
The above certificate is one of the requirements for live API usage. In addition, the TPP must be included in the EBA register in accordance with Article 15 of Directive (EU) 2015/2366 of the European Parliament and of the Council.
Further, a TPP can only call the APIs that match its role. (For example, a TPP who aggregates account information cannot call payment initiation API.)
Available API endpoints by TPP roles, see here.
|
API endpoints |
AISP |
PISP |
PIISP |
|---|---|---|---|
|
/v1/payments/payment-order POST |
|
x |
|
|
/v1/payments/payment-order/{paymentId} GET |
|
x |
|
|
/v1/payments/payment-order/{paymentId}/status GET |
|
x |
|
| /v1/payments/payment-order/{paymentId} DELETE | x | ||
|
/v1/payments/payment-order/{paymentId}/authorisations POST |
|
x |
|
|
/v1/payments/payment-order/{paymentId}/authorisations GET |
|
x |
|
|
/v1/payments/payment-order/{paymentId}/authorisations/{authorisationId} PUT |
|
x |
|
|
/v1/payments/payment-order/{paymentId}/authorisations/{authorisationId} GET |
|
x |
|
| /v1/bulk-payments/payment-order POST | x | ||
| /v1/bulk-payments/payment-order/{paymentId} GET | x | ||
| /v1/bulk-payments/payment-order/{paymentId}/status GET | x | ||
| /v1/bulk-payments/payment-order/{paymentId} DELETE | x | ||
| /v1/bulk-payments/payment-order/{paymentId}/authorisations POST | x | ||
| /v1/bulk-payments/payment-order/{paymentId}/authorisations GET | x | ||
| /v1/bulk-payments/payment-order/{paymentId}/authorisations/{authorisationId} PUT | x | ||
| /v1/bulk-payments/payment-order/{paymentId}/authorisations/{authorisationId} GET | x | ||
|
/v1/periodic-payments/standing-order POST |
|
x |
|
|
/v1/periodic-payments/standing-order/{paymentId} GET |
|
x |
|
|
/v1/periodic-payments/standing-order/{paymentId}/status GET |
|
x |
|
| /v1/periodic-payments/standing-order/{paymentId}/authorisations POST | x | ||
|
/v1/periodic-payments/standing-order/{paymentId}/authorisations POST |
|
x |
|
|
/v1/periodic-payments/standing-order/{paymentId}/authorisations GET |
|
x |
|
|
/v1/periodic-payments/standing-order/{paymentId}/authorisations/{authorisationId} PUT |
|
x |
|
|
/v1/periodic-payments/standing-order/{paymentId}/authorisations/{authorisationId} GET |
|
x |
|
| /v1/signing-baskets POST | x | x | x |
| /v1/signing-baskets/{basketId} GET | x | x | x |
| /v1/signing-baskets/{basketId} DELETE | x | x | x |
| /v1/signing-baskets/{basketId}/authorisations GET | x | x | x |
| /v1/signing-baskets/{basketId}/authorisations/{authorisationId} PUT | x | x | x |
| /v1/signing-baskets/{basketId}/authorisations/{authorisationId} GET | x | x | x |
| /v1/bulk-payments/payment-order/{paymentId}/cancellation-authorisations POST | x | ||
| /v1/bulk-payments/payment-order/{paymentId}/cancellation-authorisations GET | x | ||
| /v1/bulk-payments/payment-order/{paymentId}/cancellation-authorisations/{cancellationId} PUT | x | ||
| /v1/bulk-payments/payment-order/{paymentId}/cancellation-authorisations/{cancellationId} GET | x | ||
| /v1/payments/payment-order/{paymentId}/cancellation-authorisations POST | x | ||
| /v1/payments/payment-order/{paymentId}/cancellation-authorisations GET | x | ||
| /v1/payments/payment-order/{paymentId}/cancellation-authorisations/{cancellationId} PUT | x | ||
| /v1/payments/payment-order/{paymentId}/cancellation-authorisations/{cancellationId} GET | x | ||
| /v1/periodic-payments/standing-order/{paymentId}/cancellation-authorisations POST | x | ||
| /v1/periodic-payments/standing-order/{paymentId}/cancellation-authorisations GET | x | ||
| /v1/periodic-payments/standing-order/{paymentId}/cancellation-authorisations/{cancellationId} PUT | x | ||
| /v1/periodic-payments/standing-order/{paymentId}/cancellation-authorisations/{cancellationId} GET | x | ||
|
/v1/accounts/{account-id} GET |
x |
|
|
|
/v1/accounts/{account-id}/balances GET |
x |
|
|
|
/v1/accounts/{account-id}/transactions GET |
x |
|
|
|
/v1/accounts/{account-id}/transactions/download/{downloadid} GET |
x |
|
|
|
/v1/consents POST |
x |
x |
x |
|
/v1/consents/{consentId} GET |
x |
x |
x |
|
/v1/consents/{consentId}/authorisations POST |
x |
x |
x |
|
/v1/consents/{consentId}/authorisations GET |
x |
x |
x |
|
/v1/consents/{consentId}/authorisations/{authorisationId} GET |
x |
x |
x |
|
/v1/consents/{consentId}/authorisations/{authorisationId} PUT |
x |
x |
x |
|
/v1/consents/{consentId}/status GET |
x |
x |
x |
|
/v1/consents/{consentId} DELETE |
x |
x |
x |
|
/v1/funds-confirmations POST |
|
x |
x |
|
/v1/tpp/app POST |
x |
x |
x |
|
/v1/tpp/contact PUT |
x |
x |
x |
|
/v1/tpp/app/token POST |
x |
x |
x |